Compute nodes are bare metal servers or virtual machines running in the cloud or on-premise.
Users can label compute nodes when registering to Fortanix Confidential Computing Manager (CCM) to provide identity and policy management on the compute nodes. Before running a Compute Node, it must be enrolled in the Fortanix CCM. This is called the Node Enrollment process.
Fortanix Node Agent software enables registration of the compute nodes to Fortanix CCM when installed on a compute node.
The Node Agent assists in the verification of Hardware and Platform software running on the compute nodes.
The Node Agent also assists with application attestation and visibility for Fortanix CCM.
Manage Nodes using Fortanix Confidential Computing Manager
- Sign in to the Fortanix CCM UI, and navigate to the Infrastructure tab in the Management Console.
- Click the IP address of the node that you want to investigate. An information screen opens.
- On the information screen, you can choose to deactivate/delist the node or download the certificate that is used. To download the certificate, refer to the next section, Download Confidential Computing Manager Node Attestation Certificate.
Download Confidential Computing Manager Node Attestation Certificate
To download the CCM node attestation certificate:
- Go to the Infrastructure tab and on the Compute Nodes page, click the compute node for which you want to download the certificate. Figure 1: Select node
- You can download the certificate from the Compute Node detailed view using the Download option on the right. This certificate contains Intel SGX details such as CPUSVN (CPU Security Version Number) of the compute node, MRENCLAVE of the node agent software, and so on, as seen from the screenshot below.
Figure 2: Download Certificate